Investigating data spills on classified systems.



Cyber Support Unit 

- Secured funding for new line of business 

- Retooling Defence capability for larger audience 



Plus61.org 



BAE Systems Stratsec

(Network) Intrusion Detection System:



1. Sensor on the network 



2. Rules-engine to detect suspicious traffic 



3. Generates Alerts 





Security tech has never been better 



Open Letter to RSA Customers



BAE F-35 Hack Confirmed 
But still not keeping us out of the papers

Some people just want to see the world burn

4800 Aussie sites evaporate after hack

Asher Moses


I think I'm in shock ... I have lost everything I couldn't possibly replicate all those years of work again.




At least 4800 Australian websites have been lost with "no chance of recovery" following a break-in at Australian domain registrar and web host Distribute.IT.

The hack attack caused so much damage that four of the company's servers were "unrecoverable", the company said, leaving thousands of website owners in the lurch.

"The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable, and we are distressed by the actions of the parties responsible for this reprehensible act," Distribute.IT said.




Critical that you 'know thyself'




Difficult to resource your security 





in an employee's market.

Tools I: Intrusion Detection Systems



Key Component of our Defence-in-Depth Strategy

1. Natural habitat is the perimeter 



2. Rule-based (if X then Y)

3. Stateless; pressed for time.




Tools II: Intrusion Detection Systems



Characteristics 



1. Box-drop culture 

2. Needy 

3. Noisy by nature 
humans to make determinations.





We have more alerts than we can deal with...

And we can't staff them properly.

Potential Solutions



1. Reduce the noise (volume reduction) 
2. Centralisation (the cloud? Hissssss!)



3. Smarter Tools for Analysis 
Managing volume

Relationship modelling to:

1. Provide analysts with all they need for rapid triage

2. Detect subtle patterns, particularly across time



3. Use extra information to reduce false positives

What can be done automatically?

ALL ANIMALS ARE EQUAL BUT SOME ANIMALS ARE MORE EQUAL THAN OTHERS.



Prioritisation - don't leave home withou 
Better Living Through Contextual Analysis



Example 1: Identical email sent individually to many recipients.




Example 2: Perio 
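Example 1 above, worked as an added sketch that is not part of the original slides: per-message events are collapsed into one ranked record per body that reached many distinct recipients inside a time window. The event fields, addresses, one-hour window and three-recipient threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mail-gateway events: (timestamp, sender, recipient, body).
EVENTS = [
    ("2012-01-06T09:00:05", "hr@mail.example", "alice@corp.example", "Please review the attached roster."),
    ("2012-01-06T09:00:41", "hr@mail.example", "bob@corp.example", "Please review  the attached roster."),
    ("2012-01-06T09:03:10", "hr@mail.example", "carol@corp.example", "please review the attached roster.\n"),
    ("2012-01-06T09:07:52", "pay@mail.example", "dave@corp.example", "Please review the attached roster."),
    ("2012-01-06T09:15:00", "bob@corp.example", "alice@corp.example", "Lunch at noon?"),
    ("2012-01-06T15:30:00", "hr@mail.example", "erin@corp.example", "Please review the attached roster."),
]

def fingerprint(body):
    """Hash the case- and whitespace-normalised body so reflowed copies match."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def correlate(events, min_recipients=3, window=timedelta(hours=1)):
    """Collapse per-message events into one record per widely sent body."""
    groups = defaultdict(list)
    for ts, sender, rcpt, body in events:
        groups[fingerprint(body)].append((datetime.fromisoformat(ts), sender, rcpt))
    campaigns = []
    for fp, hits in groups.items():
        hits.sort()
        best, start = [], 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            if len({h[2] for h in span}) > len({h[2] for h in best}):
                best = span
        recipients = sorted({h[2] for h in best})
        if len(recipients) >= min_recipients:
            campaigns.append({
                "fingerprint": fp[:12],
                "recipients": recipients,
                "senders": sorted({h[1] for h in best}),
                "first_seen": best[0][0].isoformat(),
            })
    # Widest reach first, so the analyst triages one ranked item per campaign.
    return sorted(campaigns, key=lambda c: len(c["recipients"]), reverse=True)

if __name__ == "__main__":
    for campaign in correlate(EVENTS):
        print(campaign)
```

Five matching events become a single record listing four recipients and two senders; the copy sent six hours later falls outside the window and is not counted.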
Letting go of real-time








6/1/2012 



Summary: Tips from the Wounded.

1. Tools are the means not the ends.

2. Forget line-speed analysis. 

3. Resourcing: an untended IDS is a waste of budget.

4. Massive efficiency gains come from getting prioritisation right.

shane.biggins@baesystems.com




Adelaide: 

T: +61 8 8300 4400 

F: +61 8 8349 7420 

A: 2 Second Avenue, Tech Pk, Mawson Lakes SA 5095

Canberra 

T: +61 2 6260 8878 

F: +61 2 6260 8828 

A: Suite 1, 50 Geils Court, Deakin ACT 2600

Perth 

T: 1300 027 001 

F: +61 2 6260 8828 

A: PO Box 8163, Angelo Street, South Perth WA 6151 

Melbourne 

T: 1300 027 001 

F: +61 3 9614 4760

A: Level 1, 2 Queen Street, Melbourne VIC 3000



Sydney 

T: 1300 027 001 

F: +61 2 9251 6393 

A: Level 6, 62 Pitt Street, Sydney NSW 







